Divide seat_set_trust_status into query and update.

This complicates the API in one sense (more separate functions), but in another sense, simplifies it (each function does something simpler). When I start putting one Seat in front of another during SSH proxying, the latter will be more important - in particular, it means you can find out _whether_ a seat can support changing trust status without having to actually attempt a destructive modification.
2025-07-01 11:32:48 -05:00 · 2021-09-12 09:52:46 +01:00
parent c06c9c730f
commit 82177956da
16 changed files with 88 additions and 33 deletions
--- a/unix/console.c
+++ b/unix/console.c
@ -321,7 +321,16 @@ int console_askappend(LogPolicy *lp, Filename *filename,
 }

 bool console_antispoof_prompt = true;
-bool console_set_trust_status(Seat *seat, bool trusted)
+
+void console_set_trust_status(Seat *seat, bool trusted)
+{
+    /* Do nothing in response to a change of trust status, because
+     * there's nothing we can do in a console environment. However,
+     * the query function below will make a fiddly decision about
+     * whether to tell the backend to enable fallback handling. */
+}
+
+bool console_can_set_trust_status(Seat *seat)
 {
    if (console_batch_mode || !is_interactive() || !console_antispoof_prompt) {
        /*
@ -334,8 +343,8 @@ bool console_set_trust_status(Seat *seat, bool trusted)
         * prompt, the user couldn't respond to it via the terminal
         * anyway.
         *
-         * We also vacuously return success if the user has purposely
-         * disabled the antispoof prompt.
+         * We also return true without enabling any defences if the
+         * user has purposely disabled the antispoof prompt.
         */
        return true;
    }
--- a/unix/plink.c
+++ b/unix/plink.c
@ -407,6 +407,7 @@ static const SeatVtable plink_seat_vt = {
    .get_window_pixel_size = nullseat_get_window_pixel_size,
    .stripctrl_new = console_stripctrl_new,
    .set_trust_status = console_set_trust_status,
+    .can_set_trust_status = console_can_set_trust_status,
    .verbose = cmdline_seat_verbose,
    .interactive = plink_seat_interactive,
    .get_cursor_position = nullseat_get_cursor_position,
--- a/unix/window.c
+++ b/unix/window.c
@ -383,7 +383,8 @@ static const char *gtk_seat_get_x_display(Seat *seat);
 #ifndef NOT_X_WINDOWS
 static bool gtk_seat_get_windowid(Seat *seat, long *id);
 #endif
-static bool gtk_seat_set_trust_status(Seat *seat, bool trusted);
+static void gtk_seat_set_trust_status(Seat *seat, bool trusted);
+static bool gtk_seat_can_set_trust_status(Seat *seat);
 static bool gtk_seat_get_cursor_position(Seat *seat, int *x, int *y);

 static const SeatVtable gtk_seat_vt = {
@ -411,6 +412,7 @@ static const SeatVtable gtk_seat_vt = {
    .get_window_pixel_size = gtk_seat_get_window_pixel_size,
    .stripctrl_new = gtk_seat_stripctrl_new,
    .set_trust_status = gtk_seat_set_trust_status,
+    .can_set_trust_status = gtk_seat_can_set_trust_status,
    .verbose = nullseat_verbose_yes,
    .interactive = nullseat_interactive_yes,
    .get_cursor_position = gtk_seat_get_cursor_position,
@ -5415,10 +5417,14 @@ void new_session_window(Conf *conf, const char *geometry_string)
        ldisc_echoedit_update(inst->ldisc); /* cause ldisc to notice changes */
 }

-static bool gtk_seat_set_trust_status(Seat *seat, bool trusted)
+static void gtk_seat_set_trust_status(Seat *seat, bool trusted)
 {
    GtkFrontend *inst = container_of(seat, GtkFrontend, seat);
    term_set_trust_status(inst->term, trusted);
+}
+
+static bool gtk_seat_can_set_trust_status(Seat *seat)
+{
    return true;
 }